Today ClamAV scanned my AWS instances and detected infected files on every instance. It looks like a false positive for several reasons:
All of these files were created in 2021 (why are they only being detected now?)
Each instance's SSH port is protected by MFA + password + VPN.
All of these files are in Conda environments, and only the exe files are flagged as infected (my AWS instances run Ubuntu).
Could it be the same problem as here?
/home/kidas/anaconda3/pkgs/conda-build-3.24.0-py310h06a4308_0/lib/python3.10/site-packages/conda_build/cli-64.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/pkgs/conda-build-3.24.0-py310h06a4308_0/lib/python3.10/site-packages/conda_build/cli-32.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/pkgs/conda-23.3.1-py310h06a4308_0/lib/python3.10/site-packages/conda/shell/cli-64.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/pkgs/conda-23.3.1-py310h06a4308_0/lib/python3.10/site-packages/conda/shell/cli-32.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/lib/python3.10/site-packages/conda/shell/cli-64.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/lib/python3.10/site-packages/conda/shell/cli-32.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/lib/python3.10/site-packages/conda_build/cli-64.exe: Win.Virus.Expiro-10004389-0 FOUND
/home/kidas/anaconda3/lib/python3.10/site-packages/conda_build/cli-32.exe: Win.Virus.Expiro-10004389-0 FOUND
VirusTotal results (all AVs shown; these AVs did not detect it):
"ClamAV": {
"category": "malicious",
"engine_name": "ClamAV",
"engine_version": "1.1.0.0",
"result": "Win.Virus.Expiro-10004389-0",
"method": "blacklist",
"engine_update": "20230730"
},
"SymantecMobileInsight": {
"category": "type-unsupported",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"result": null,
"method": "blacklist",
"engine_update": "20230119"
},
"Trustlook": {
"category": "type-unsupported",
"engine_name": "Trustlook",
"engine_version": "1.0",
"result": null,
"method": "blacklist",
"engine_update": "20230730"
},
"Avast-Mobile": {
"category": "type-unsupported",
"engine_name": "Avast-Mobile",
"engine_version": "230730-02",
"result": null,
"method": "blacklist",
"engine_update": "20230730"
},
"Google": {
"category": "malicious",
"engine_name": "Google",
"engine_version": "1690700450",
"result": "Detected",
"method": "blacklist",
"engine_update": "20230730"
},
"BitDefenderFalx": {
"category": "type-unsupported",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"result": null,
"method": "blacklist",
"engine_update": "20230729"
}
Based on the VirusTotal engine update issue, I found that a few antivirus engines detect it as malware. The best advice I can give is to hold off on any action on these files for a few days and repeat the check after a week. Then, if you see more AV engines confirming it is infected, you can act accordingly. You could also open a case with ClamAV (I have never done that before) and ask for a deeper investigation.
If only a few less well-known AV names raise a flag, you can be fairly confident that the file is fine and resume operations.
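One check worth doing while waiting for the AV engines to settle is to confirm that the flagged files are byte-for-byte what the conda package shipped. Conda package directories under `pkgs/` carry an `info/paths.json` that records a sha256 for every file in the package, so a flagged `cli-64.exe` can be compared against the hash the package itself recorded. The script below is an added example, not code from the question or the answer; it assumes the `<pkg>/info/paths.json` layout described and builds a throwaway package directory with constructed sample files (one deliberately altered after its hash was recorded) so it runs offline.

```python
"""Compare scanner-flagged files against the sha256 values recorded in a conda
package's own info/paths.json. Added example; assumes the <pkg_dir>/info/paths.json
layout and the "paths" / "_path" / "sha256" keys used by conda packages."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def load_recorded_hashes(pkg_dir: Path) -> dict:
    """Map package-relative path -> sha256 as recorded in info/paths.json."""
    data = json.loads((pkg_dir / "info" / "paths.json").read_text())
    return {entry["_path"]: entry.get("sha256") for entry in data["paths"]}


def verify_flagged(pkg_dir: Path, flagged: list) -> dict:
    """For each flagged path (relative to pkg_dir) return one of:
    'match'      - on-disk bytes equal the recorded hash
    'MODIFIED'   - file differs from what the package shipped (investigate)
    'unrecorded' - the package never listed this path at all (investigate)"""
    recorded = load_recorded_hashes(pkg_dir)
    results = {}
    for rel in flagged:
        expected = recorded.get(rel)
        if expected is None:
            results[rel] = "unrecorded"
            continue
        results[rel] = "match" if sha256_of(pkg_dir / rel) == expected else "MODIFIED"
    return results


def build_demo_package() -> Path:
    """Construct a temporary directory mimicking a conda package in pkgs/.
    File contents are made up; only the layout matters for the check."""
    root = Path(tempfile.mkdtemp(prefix="conda-demo-"))
    files = {
        "lib/python3.10/site-packages/conda/shell/cli-64.exe": b"MZ constructed 64-bit stub",
        "lib/python3.10/site-packages/conda/shell/cli-32.exe": b"MZ constructed 32-bit stub",
    }
    entries = []
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
        entries.append({"_path": rel, "path_type": "hardlink",
                        "sha256": hashlib.sha256(content).hexdigest(),
                        "size_in_bytes": len(content)})
    (root / "info").mkdir()
    (root / "info" / "paths.json").write_text(
        json.dumps({"paths": entries, "paths_version": 1}))
    # Alter one file after its hash was recorded so the check has a real mismatch to report.
    (root / "lib/python3.10/site-packages/conda/shell/cli-32.exe").write_bytes(b"MZ altered")
    return root


def demo() -> dict:
    """Run the check over the constructed package for the two shipped files
    plus one path the package never recorded."""
    pkg = build_demo_package()
    return verify_flagged(pkg, [
        "lib/python3.10/site-packages/conda/shell/cli-64.exe",
        "lib/python3.10/site-packages/conda/shell/cli-32.exe",
        "lib/python3.10/site-packages/conda/shell/missing.exe",
    ])


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:10s} {rel}")
```

To use it on a real instance, point `verify_flagged` at a package directory such as `~/anaconda3/pkgs/conda-23.3.1-py310h06a4308_0` and pass the flagged paths relative to it. A `match` result only establishes that the file is the one the package shipped, which is the usual situation with a signature false positive; it does not by itself prove the shipped binary is clean, so the answer's advice to re-check the hash against more engines after the signature update still applies. A `MODIFIED` or `unrecorded` result, on the other hand, means the file on disk is not what the package installed and deserves incident-response attention regardless of what the AV engines say.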